diff options
author | Theodore Tso <tytso@mit.edu> | 1999-01-27 05:22:07 +0000 |
---|---|---|
committer | Theodore Tso <tytso@mit.edu> | 1999-01-27 05:22:07 +0000 |
commit | be974ccede7b6d3d523784a2dac9773a3c97af1d (patch) | |
tree | fb1958743108efc877336979d4569dbba9db884d /src/kdc/kdc_preauth.c | |
parent | d52a4f7d3d43980431063c8cf9ec70c636f25586 (diff) | |
download | krb5-be974ccede7b6d3d523784a2dac9773a3c97af1d.tar.gz krb5-be974ccede7b6d3d523784a2dac9773a3c97af1d.tar.xz krb5-be974ccede7b6d3d523784a2dac9773a3c97af1d.zip |
kdc_preauth.c (check_padata): If preauth fails because the preauth
data from the client was of an unknown type, and the principal does
not require preauth, then the preauth should be disregarded.
[krb5-kdc/652]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11130 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/kdc_preauth.c')
-rw-r--r-- | src/kdc/kdc_preauth.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index 0324694a2e..d1b1b36376 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -301,6 +301,13 @@ check_padata (context, client, request, enc_tkt_reply) } if (pa_ok) return 0; + + /* pa system was not found, but principal doesn't require preauth */ + if (!pa_found && + !isflagset(client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH) && + !isflagset(client->attributes, KRB5_KDB_REQUIRES_HW_AUTH)) + return 0; + if (!pa_found) com_err("krb5kdc", retval, "no valid preauth type found"); return KRB5KDC_ERR_PREAUTH_FAILED; |